Cryptology ePrint Archive: Report 2017/846

How to Prove Megabytes (Per Second)

Yaron Gvili

Abstract: We propose the first provably secure zero-knowledge (ZK) argument of knowledge (AoK) protocol running at close to 1 megabyte per second (MBps) on commodity hardware -- about an order of magnitude faster than relevant current protocols. It is a post-quantum, (efficient-prover) honest-verifier (HV) statistical zero-knowledge (SZK) sigma protocol in the standard model under a hardness assumption on ideal lattices. We further propose an overhead-efficient low-latency amortization yielding a witness indistinguishable (WI) and witness hiding (WH) AoK protocol running at $> 100$ MBps. Both protocols have absolute soundness slack 1, or zero for small completeness error, and an argument size growing linearly, where amortization has slope 2 and latency 1 microsecond. Non-interactive (NI), non-HV, resettable ZK (rZK) and resettable WI (rWI) variations of the protocols are obtained using standard transforms. Choices of parameters with concrete security $\ge 2^{100}$ against known attacks are given along with experimental results showing practicality.

Category / Keywords: cryptographic protocols / zero-knowledge, witness indistinguishable, witness hiding, argument of knowledge, lattice-based hashing, verifiable secret sharing, large secrets

Date: received 3 Sep 2017

Contact author: cryptomniumllc at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20170906:185116 (All versions of this report)

Short URL: ia.cr/2017/846

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]